From: Victor Julien Date: Fri, 19 Jun 2015 11:02:29 +0000 (+0200) Subject: smtp json: fix potential crash on malloc failure X-Git-Tag: suricata-3.0RC1~291 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bd73553027a3a77815d09457a899791bbe8a76ff;p=thirdparty%2Fsuricata.git smtp json: fix potential crash on malloc failure ** CID 1298888: (FORWARD_NULL) /src/output-json-email-common.c: 117 in JsonEmailLogJson() /src/output-json-email-common.c: 140 in JsonEmailLogJson() --- diff --git a/src/output-json-email-common.c b/src/output-json-email-common.c index 4c427d4467..1efa9ce80f 100644 --- a/src/output-json-email-common.c +++ b/src/output-json-email-common.c @@ -114,19 +114,21 @@ static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packe if (field != NULL) { json_t *js_to = json_array(); if (likely(js_to != NULL)) { - char *savep = NULL; - char *p; to_line = BytesToString((uint8_t *)field->value, (size_t)field->value_len); - //printf("to_line:: TO: \"%s\" (%d)\n", to_line, strlen(to_line)); - p = strtok_r(to_line, ",", &savep); - //printf("got another addr: \"%s\"\n", p); - json_array_append_new(js_to, json_string(p)); - while ((p = strtok_r(NULL, ",", &savep)) != NULL) { + if (likely(to_line != NULL)) { + char *savep = NULL; + char *p; + //printf("to_line:: TO: \"%s\" (%d)\n", to_line, strlen(to_line)); + p = strtok_r(to_line, ",", &savep); //printf("got another addr: \"%s\"\n", p); - json_array_append_new(js_to, json_string(&p[strspn(p, " ")])); + json_array_append_new(js_to, json_string(p)); + while ((p = strtok_r(NULL, ",", &savep)) != NULL) { + //printf("got another addr: \"%s\"\n", p); + json_array_append_new(js_to, json_string(&p[strspn(p, " ")])); + } + SCFree(to_line); } - SCFree(to_line); json_object_set_new(sjs, "to", js_to); } } @@ -137,19 +139,21 @@ static TmEcode JsonEmailLogJson(JsonEmailLogThread *aft, json_t *js, const Packe if (field != NULL) { json_t *js_cc = json_array(); if (likely(js_cc != NULL)) { - char *savep = NULL; - char *p; cc_line = BytesToString((uint8_t *)field->value, (size_t)field->value_len); - //printf("cc_line:: CC: \"%s\" (%d)\n", to_line, strlen(to_line)); - p = strtok_r(cc_line, ",", &savep); - //printf("got another addr: \"%s\"\n", p); - json_array_append_new(js_cc, json_string(p)); - while ((p = strtok_r(NULL, ",", &savep)) != NULL) { + if (likely(cc_line != NULL)) { + char *savep = NULL; + char *p; + //printf("cc_line:: CC: \"%s\" (%d)\n", to_line, strlen(to_line)); + p = strtok_r(cc_line, ",", &savep); //printf("got another addr: \"%s\"\n", p); - json_array_append_new(js_cc, json_string(&p[strspn(p, " ")])); + json_array_append_new(js_cc, json_string(p)); + while ((p = strtok_r(NULL, ",", &savep)) != NULL) { + //printf("got another addr: \"%s\"\n", p); + json_array_append_new(js_cc, json_string(&p[strspn(p, " ")])); + } + SCFree(cc_line); } - SCFree(cc_line); json_object_set_new(sjs, "cc", js_cc); } }